xenorat | afe1cd83d722daa13601c0de896cec93dbae4f9ce4ad78ca3b845060101f0101 | Triage

Resubmissions

30-05-2024 23:55

240530-3yt9ksga57 10

30-05-2024 23:53

240530-3xms4sga24 10

Sharing

General

Target

testingrat.exe
Size

45KB
Sample

240530-3yt9ksga57
MD5

7bf7d5fb2ed513c687cd676fe53f5ee9
SHA1

e9251ef1dd3ebe4f17acf0b3552e22751009c8c1
SHA256

afe1cd83d722daa13601c0de896cec93dbae4f9ce4ad78ca3b845060101f0101
SHA512

4c189aee06185359827432b021e8850b1bfbc78da932c4b259b665de7a1b293e0ee281627750bcce7e4fb2ccd8b2b8c0f89a7d68b77e27e7e52832a887f0f447
SSDEEP

768:ldhO/poiiUcjlJInVqH9Xqk5nWEZ5SbTDamWI7CPW5K:7w+jjgn8H9XqcnW85SbTvWIi

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

related-directed.gl.at.ply.gg

Mutex

TestingRat

Attributes

install_path
appdata
port
3403
startup_name
Console

Targets

- Target
  
  testingrat.exe
- Size
  
  45KB
- MD5
  
  7bf7d5fb2ed513c687cd676fe53f5ee9
- SHA1
  
  e9251ef1dd3ebe4f17acf0b3552e22751009c8c1
- SHA256
  
  afe1cd83d722daa13601c0de896cec93dbae4f9ce4ad78ca3b845060101f0101
- SHA512
  
  4c189aee06185359827432b021e8850b1bfbc78da932c4b259b665de7a1b293e0ee281627750bcce7e4fb2ccd8b2b8c0f89a7d68b77e27e7e52832a887f0f447
- SSDEEP
  
  768:ldhO/poiiUcjlJInVqH9Xqk5nWEZ5SbTDamWI7CPW5K:7w+jjgn8H9XqcnW85SbTvWIi
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan